From 2c99b60fec77a49a7a0375a8a54d58e417e5b662 Mon Sep 17 00:00:00 2001 From: Bailetti Tommaso Date: Tue, 7 Jan 2025 16:41:03 +0100 Subject: [PATCH] refactor(netmap): using procd instead of pre-post commits (#999) --- packages/ns-netmap/Makefile | 15 ++++++++--- packages/ns-netmap/files/generate-netmap.py | 16 ------------ packages/ns-netmap/files/ns-netmap | 12 ++++++--- packages/ns-netmap/files/ns-netmap.init | 28 +++++++++++++++++++++ packages/ns-netmap/files/reload-netmap.py | 15 ----------- 5 files changed, 48 insertions(+), 38 deletions(-) delete mode 100755 packages/ns-netmap/files/generate-netmap.py create mode 100755 packages/ns-netmap/files/ns-netmap.init delete mode 100755 packages/ns-netmap/files/reload-netmap.py diff --git a/packages/ns-netmap/Makefile b/packages/ns-netmap/Makefile index ce5a95718..583be5350 100644 --- a/packages/ns-netmap/Makefile +++ b/packages/ns-netmap/Makefile @@ -37,15 +37,22 @@ endef define Build/Compile endef +define Package/ns-netmap/postinst +#!/bin/sh +if [ -z "$${IPKG_INSTROOT}" ]; then + /etc/init.d/ns-netmap enable + /etc/init.d/ns-netmap restart +fi +exit 0 +endef + define Package/ns-netmap/install $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/etc/config - $(INSTALL_DIR) $(1)/usr/libexec/ns-api/pre-commit - $(INSTALL_DIR) $(1)/usr/libexec/ns-api/post-commit $(INSTALL_BIN) ./files/ns-netmap $(1)/usr/sbin/ns-netmap $(INSTALL_CONF) ./files/config $(1)/etc/config/netmap - $(INSTALL_BIN) ./files/generate-netmap.py $(1)/usr/libexec/ns-api/pre-commit/ - $(INSTALL_BIN) ./files/reload-netmap.py $(1)/usr/libexec/ns-api/post-commit/ + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/ns-netmap.init $(1)/etc/init.d/ns-netmap endef $(eval $(call BuildPackage,ns-netmap)) diff --git a/packages/ns-netmap/files/generate-netmap.py b/packages/ns-netmap/files/generate-netmap.py deleted file mode 100755 index 0d398e043..000000000 --- a/packages/ns-netmap/files/generate-netmap.py +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/python - -# -# Copyright (C) 2024 Nethesis S.r.l. -# SPDX-License-Identifier: GPL-2.0-only -# - -# This script configures netmap firewall rules. - -import subprocess -from euci import EUci -from nethsec import utils, firewall - -# The changes variable is already within the scope from the caller -if 'netmap' in changes: - subprocess.run(["/usr/sbin/ns-netmap"]) diff --git a/packages/ns-netmap/files/ns-netmap b/packages/ns-netmap/files/ns-netmap index 1c5a94f56..0ae5c120e 100644 --- a/packages/ns-netmap/files/ns-netmap +++ b/packages/ns-netmap/files/ns-netmap @@ -12,6 +12,8 @@ # import os +import subprocess +import sys import ipaddress from euci import EUci from nethsec import utils @@ -79,9 +81,13 @@ def generate_rules(): df.close() def main(): - setup() - cleanup() - generate_rules() + if len(sys.argv) > 1 and sys.argv[1] == "cleanup": + cleanup() + else: + setup() + cleanup() + generate_rules() + subprocess.run(['/etc/init.d/firewall', 'reload']) if __name__ == "__main__": main() diff --git a/packages/ns-netmap/files/ns-netmap.init b/packages/ns-netmap/files/ns-netmap.init new file mode 100755 index 000000000..fb81b9011 --- /dev/null +++ b/packages/ns-netmap/files/ns-netmap.init @@ -0,0 +1,28 @@ +#!/bin/sh /etc/rc.common + +# +# Copyright (C) 2025 Nethesis S.r.l. +# SPDX-License-Identifier: GPL-2.0-only +# + +START=99 +USE_PROCD=1 + +start_service() { + # Main service + procd_open_instance + procd_set_param command /usr/sbin/ns-netmap + procd_set_param stdout 1 + procd_set_param stderr 1 + procd_close_instance +} + +stop_service() { + # Destroy nft table + /usr/sbin/ns-netmap cleanup +} + +service_triggers() +{ + procd_add_reload_trigger netmap +} diff --git a/packages/ns-netmap/files/reload-netmap.py b/packages/ns-netmap/files/reload-netmap.py deleted file mode 100755 index 794b3a16c..000000000 --- a/packages/ns-netmap/files/reload-netmap.py +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/python - -# -# Copyright (C) 2024 Nethesis S.r.l. -# SPDX-License-Identifier: GPL-2.0-only -# - -# This script configures netmap firewall rules. - -import subprocess - -# The changes variable is already within the scope from the caller -if 'netmap' in changes: - # force firewall reload: fw4 does not reload if there any changes in /usr/share/nftables.d - subprocess.run(["/etc/init.d/firewall", "reload"])